Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. TPMs can be used to perform system integrity measurements. In particular, during the boot process of a computer system, the TPM can measure and record the boot code that is loaded (including firmware and the operating system components). These integrity measurements can be used as evidence for how a system started, and to make sure that a TPM-based key can be used only when the correct software was used to boot the system.
Some full disk encryption solutions, such as the BITLOCKER encryption system included in MICROSOFT WINDOWS, leverage the TPM and a Secure Boot process to determine whether the system has been disrupted to an extent that suggests that the system has been compromised. When the encryption system learns from the Trusted Platform Module that such a situation exists, the key needed by the encryption system to decrypt the disk cannot be retrieved from the TPM. Without being able to decrypt the disk, booting cannot be completed, and the encryption system enters a recovery mode that can only be exited with an extra measure of authentication, such as entering a recovery password.
In some cases, the Secure Boot process uses a Secure Boot policy that specifies, for example, which versions of which operation systems are permissible to boot; which signing keys or certificates qualify a driver or other unit of code to be loaded during the boot process; etc. Some operating systems include a mechanism for automatically updating a computer system's Secure Boot policy, such as to add new versions of a permissible operating system, or remove an authorized signing key.